Overview
These endpoints handle customer password recovery and changes — request a reset link by email, reset the password with the emailed token, or change it while signed in.
How It Works
- Forgot - The customer requests a reset link, sent to their email.
- Reset - They open the link and submit a new password with the token it carries.
- Update - A signed-in customer changes their password directly (no email round-trip).
Example: A customer who forgot their password uses Forgot → Reset; a signed-in customer uses Update.
API Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/sdk/password/forgot | Forgot password |
| POST | /api/v1/sdk/password/reset | Reset password |
| POST | /api/v1/sdk/password/update | Update password |
Important Behaviors
- Forgot/Reset are public; Update requires a bearer token.
- No account disclosure: Forgot returns `404` for an unknown email rather than revealing whether it exists.
- Strong passwords: When password enforcement is enabled, new passwords must meet complexity rules.
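
Example (added here, not part of the SDK or the original documentation): a minimal Python client that builds the three requests and attaches the bearer token only to Update, so a session token is never sent to the public Forgot and Reset endpoints. The host `shop.example.com`, the JSON field names (`email`, `token`, `password`, `current_password`) and all function names are assumptions, since the page does not list request bodies.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://shop.example.com"  # placeholder host (assumption)

# Path and auth requirement per endpoint, taken from the table and
# "Important Behaviors": Forgot/Reset are public, Update needs a bearer token.
ENDPOINTS = {
    "forgot": ("/api/v1/sdk/password/forgot", False),
    "reset": ("/api/v1/sdk/password/reset", False),
    "update": ("/api/v1/sdk/password/update", True),
}


def build_request(action, body, bearer_token=None):
    """Build the POST for one action, attaching credentials only where required."""
    path, needs_auth = ENDPOINTS[action]
    if needs_auth and not bearer_token:
        raise PermissionError(f"{action} requires a bearer token")
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if needs_auth:
        # A session token passed for a public endpoint is deliberately dropped.
        headers["Authorization"] = f"Bearer {bearer_token}"
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method="POST")


# JSON field names below are assumptions; the page does not list request bodies.
def forgot_request(email):
    return build_request("forgot", {"email": email})


def reset_request(email_token, new_password):
    return build_request("reset", {"token": email_token, "password": new_password})


def update_request(bearer_token, current_password, new_password):
    body = {"current_password": current_password, "password": new_password}
    return build_request("update", body, bearer_token)


def send(req, opener=urllib.request.urlopen):
    """Send a request and return the HTTP status, including error statuses such as 404."""
    try:
        with opener(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```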
